const helmet = require('helmet');
const rateLimit = require('express-rate-limit');

/**
 * Installs the baseline HTTP hardening middleware on an Express-style app.
 *
 * Two middlewares are registered, in this order:
 *   1. helmet() with its default options, on every route.
 *   2. A rate limiter mounted on the '/api/' prefix only, allowing at most
 *      100 requests per 15-minute window.
 *
 * NOTE(review): express-rate-limit keys requests by client IP by default.
 * Behind a reverse proxy or load balancer, Express's 'trust proxy' setting
 * must match the deployment; otherwise all clients may be counted under the
 * proxy's address, or the client address may be spoofable — confirm.
 * NOTE(review): no store is configured, so counters presumably live in the
 * library's default in-process store and are not shared between instances —
 * confirm if the service runs as more than one process.
 * NOTE(review): routes outside '/api/' are not throttled by this function.
 *
 * @param {object} app - Object exposing Express's `use()` method.
 * @returns {void}
 */
const securityMiddleware = (app) => {
  const WINDOW_MS = 15 * 60 * 1000; // 15 minutes
  const MAX_REQUESTS_PER_WINDOW = 100; // per client IP within one window

  // Baseline security response headers, applied to every route.
  app.use(helmet());

  // Throttle the API prefix only; other paths are left untouched.
  app.use(
    '/api/',
    rateLimit({
      windowMs: WINDOW_MS,
      max: MAX_REQUESTS_PER_WINDOW,
    }),
  );
};

// CommonJS export: the module's only export is the installer function, which
// the caller invokes with its app instance. Middleware order follows call
// order, so where the caller invokes it relative to its route registration
// matters — NOTE(review): presumably called before routes are mounted; confirm.
module.exports = securityMiddleware; 